Best Practices: Anti-Money Laundering and Customer Information Selected Requirements
INTRODUCTION
This document is intended to provide IIUSA members with guidance regarding anti-money
laundering (AML), including Customer Identification (CI), best practices. U.S. federal
regulators generally define money laundering as transactions intended to do any of the
following:

Disguise the true source of the transactions’ funds;

Disguise the ultimate disposition of the transactions’ funds;

Eliminate any audit trail and make it appear as though the funds came through legitimate
sources; and

Evade income taxes.
Money laundering is generally understood to be the process by which individuals or entities
attempt to conceal the true origin and ownership of the proceeds of internationally
recognized criminal activity (such as organized crime, drug trafficking, or terrorism)
involving the use of a financial system to disguise the origin of assets, for example, by
creating complex layers of financial transactions and by the integration of the laundered
proceeds into the economy as clean money.
In drafting this document, the IIUSA Best Practices Committee (Committee) focused on
provisions that the Committee believes are likely to be generally – but not universally –
applicable to IIUSA members. The Committee recognizes that not all IIUSA members play a
role in EB-5 transactions that involves, for example, evaluating customer data and/or handling
funds. Accordingly, each of these provisions is labeled as a "Consideration”. The Committee
encourages each IIUSA member to carefully evaluate the applicability of each Consideration
to its business with the assistance of qualified counsel, if necessary.
THE BANK SECRECY ACT AND THE PATRIOT ACT
For IIUSA members new to the EB-5 space, the relevance of the Bank Secrecy Act (BSA)
http://www.fincen.gov/statutes_regs/bsa/ – which is a comprehensive Federal AML law that
Page 1 of 10 historically required “financial institutions” to comply with AML regulations – is often not
immediately obvious.
Enacted in October 2001, following the terrorist attacks of 9/11/2001, The USA PATRIOT
Act1 made a significant number of changes to the BSA to enable the tracking of financial
assets in the economy to combat the financing of terrorism, including:
I. Expanded Definition of Financial Institutions. The definition of financial institution
was greatly expanded2 to 27 categories that include both traditional finance industry
entities and also other persons or entities that could include IIUSA members, such as:

Loan or finance companies;

Persons involved in real estate closings and settlements;

Private bankers;

Investment companies (whether or not registered);

Securities brokers (whether or not registered);

Investment bankers; and

Any other category the Treasury Secretary determines (by regulation) or
designates (regulation not required) for specified reasons.
II. Anti-Money Laundering Program Requirement (AML Program). Requires
“financial institutions” to establish AML Programs that include, at a minimum, the
following “four pillars”:

Development of internal policies, procedures, and controls;

Designation of an anti-money laundering compliance officer;

An ongoing employee training program; and

Independent audit function to test the AML Program.3
Consideration of the size, location, and activities of the financial institutions must be
taken into account. Program Rules are discussed in greater detail below.
III. Customer Identification Programs (CI Program). Prescribes regulations establishing
minimum standards for “financial institutions” and their “customers” regarding the
identity of a customer at the time of opening of an account.4 At a minimum, CI Programs
must implement reasonable procedures for:

Verifying the identity of any person seeking to open an account;

Maintaining records of the information used to verify identity, including name,
address, and other identifying information; and

Determining whether the person appears on any lists of known or suspected
Page 2 of 10 terrorists or terrorist organizations provided to the financial institution by any
government agency.
The various types of accounts maintained by various types of financial institutions, the
methods of opening accounts, and the types of identifying information available all must be
taken into account when establishing these standards.
Thus, it is quite possible that IIUSA members – be they Regional Centers and affiliated
issuers investing in project entities, intermediaries, project entities, or other EB-5 transaction
participants – may be covered by the BSA’s broad definition of “financial institution” and
therefore may be subject to AML Program Rule requirements that may include CI Program
and other requirements applicable to financial institutions thereunder. IIUSA takes no
position on the question of whether, as a general matter, regional centers or other EB-5
transaction participants are “financial institutions” for BSA purposes, as making such a
determination requires a fact-specific, case-by-case analysis.
CONSIDERATION: IIUSA members should consult with experienced legal counsel to
determine whether and to what extent the BSA and, in particular, the associated AML
Program Rules described below apply to them. Regardless of whether an IIUSA member
qualifies as a “financial institution” for BSA purposes, the best practice is for IIUSA
members to adopt (with the assistance of qualified counsel) policies and procedures tailored
to each IIUSA member’s business that are reasonably designed to ensure that the AML
Program (including CI Program, if applicable) goals are achieved.
THE AML PROGRAM RULES
The USA PATRIOT Act allows the Secretary of the Treasury to adopt regulations providing
minimum compliance standards. To date, Treasury Department’s Financial Crimes
Enforcement Network (FinCEN) has adopted a General Rule applicable to all “financial
institutions” (and temporarily exempting 13 categories from the AML Program requirements
described above5) and adopted6 or proposed7 specific Rules (each different for the reasons
stated above) for 12 categories of “financial institutions” (Category Rules) (together, the
Program Rules or the Rules). (See Summary Table below). Each “financial institution” looks
to the General Rule and then to its Category Rule, if applicable, to determine any additional
minimum requirements. All Categories are required to have AML Programs (some of which
are required to include CI Programs).
CONSIDERATION: Taking into consideration the specific circumstances of the IIUSA
member, adopt an AML Program in an effort to detect and prevent money launderers from
using the IIUSA member as a means for carrying out their illicit practices, to address, at a
minimum, the following:
A. COMPLIANCE WITH THE AML PROGRAM RULES. Establish and
implement an AML Program that includes policies, procedures and internal controls
reasonably designed to prevent the IIUSA member from being used for money
laundering or the financing of terrorist activities, and to achieve compliance with the
spirit – and, if the BSA applies to the IIUSA member, the letter – of the BSA and
Page 3 of 10 the regulations thereunder, including the AML Program Rules.
Note: The AML Program Rules direct each covered entity to develop its own AML
Program (including any applicable CI Program), but recognize that some institutions
conduct their operations through separate entities, and therefore some elements of the
compliance program may best be performed by personnel of these separate entities.
Accordingly, the AML Program Rules permit an institution to contractually delegate
the implementation of its AML Program to certain separate entities. Delegates must
agree, in writing, to inspection and examination by Federal examiners with respect to
the requirements of the AML Program. The delegator is still ultimately responsible for
compliance with the AML Program Rules and therefore must actively monitor the
performance of its delegates. This ability to delegate is particularly relevant in the EB-5
context, as many IIUSA regional center members operate their businesses in a multientity structure that is akin, if not directly analogous, to that contemplated by the AML
Program Rules.
B. INDIRECT COVERED PROVIDERS. In the traditional financial services
context, a common example of what the BSA refers to as an “Indirect Covered
Provider” is a securities firm whose customers invest through omnibus accounts
created by an intermediary – often an investment adviser or another securities firm –
who maintains individual accounts for and makes block investments on behalf of
those customers. More broadly, under the BSA, Indirect Covered Providers may be
broker-dealers, investment professionals, and other similar financial intermediaries
who perform some or all of the following activities for a financial institution: (i)
handling customer applications and the creation of accounts; (ii) receipt of funds and
the processing of transactions for customer accounts; and/or (iii) disbursement of
funds from customer accounts. When an IIUSA regional center member’s business
model is to collaborate with (sometimes referred to as “renting” to) a third-party project
sponsor or investment manager rather than directly controlling the issuer of securities
to EB-5 investors, the third- party sponsor or investment manager may act essentially
as what the BSA refers to as an “Indirect Covered Provider.”
Just as a securities firm may not have information about the identities and transaction
activities of the individual customers represented in an omnibus account
administered by an Indirect Covered Provider, an IIUSA member may not have
information about the identities and transaction activities of the individual EB-5
investors solicited by a project sponsor that is the party issuing securities (typically
limited partnership interests). In such circumstances, the best practice is for the IIUSA
member (as an important component of its overall AML Program) to adhere to the
same standard applicable to a financial institution under the BSA, i.e., to use its best
efforts to obtain a certification from each third party acting in a role equivalent to that
of an Indirect Covered Provider that represents that such party:
(i) has established an AML program reasonably designed to comply with all applicable
AML laws and regulations, as well as with the regulations administered by the Office
of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury; (ii) will
take steps to identify the customers for which it acts in its dealings with the IIUSA
member; and (iii) will monitor customer transactions to detect and, where appropriate,
report suspicious activities.
Page 4 of 10 C. CUSTOMER IDENTIFICATION PROGRAM. AML Programs that must
include a CI Program component require each covered person or entity to develop and
implement a CI Program that includes risk-based procedures that allow the covered
person or entity to form a reasonable belief that it knows the true identity of its new
customers as a part of its overall AML Program. The Rule does not require verification
of the identity of certain “exempt customers,” such as: (i) federally regulated financial
institutions (e.g., investment companies regulated by the SEC and national banks); (ii)
banks regulated by certain state bank regulators; (iii) U.S. or state government agencies
and instrumentalities; and (iv) certain publicly-traded companies, under certain
circumstances.
D. While IIUSA takes no position with respect to whether any particular IIUSA
member is considered an issuer of securities or a “financial institution” under the BSA,
it is common for IIUSA members and their affiliates to issue securities, often via private
offerings of limited partnership interests or limited liability company interests. Also, as
discussed in Section B above, it is common for IIUSA members to play a narrower role,
providing regional center administrative services to third parties who issue securities
intended to be purchased by individual EB-5 investors. In either case, just as with AML
procedures generally as discussed in Section B, the best practice for IIUSA members is
to adopt and enforce appropriate CI Program policies and procedures. The scope and
provisions of such policies and procedures should be tailored to the structure of the
IIUSA member’s business, i.e., whether the IIUSA member deals directly with opening
and managing “accounts” or collaborates with one or more third parties who do so. It is
important that IIUSA members consult with experienced legal counsel in developing
such policies and procedures.
E. APPOINT AN AML CHIEF COMPLIANCE OFFICER (CCO). This person
or persons is responsible for implementing and monitoring the operations and internal
controls of the AML program. Under the BSA, the CCO must be “competent and
knowledgeable regarding BSA requirements and money laundering issues and risks,
and empowered with full responsibility and authority to develop and enforce
appropriate policies and procedures throughout the organization.” Obviously, to the
extent the BSA directly applies to an IIUSA member, such member should comply with
this and all of its requirements, but the Committee believes that even if the BSA may
not be directly applicable, the best practice for IIUSA regional center members is to
appoint a CCO with analogous responsibilities.
F. CURRENCY TRANSACATION REPORT (CTR). The BSA also requires
all “trades and businesses” to report the receipt of “cash,” i.e., currency and cash
equivalents (bank drafts, money orders, traveler’s checks and cashier’s checks) on
FinCEN/IRS Form 8300 (http://www.irs.gov/pub/irs- pdf/f8300.pdf). Generally, any
person who, in the course of a trade or business, receives cash in excess of $10,000 in
one transaction, or in two or more related transactions, must report such transaction on
Form 8300. For IIUSA members, the best practice is not to handle “cash” at all, but in
the rare circumstance that doing so is relevant to an IIUSA member’s business model, it
is imperative that such member implement and follow clear written procedures for
properly documenting and reporting such transactions as required by law.
G. SUSPICIOUS ACTIVITY REPORTING OBLIGATIONS. FinCEN rules
Page 5 of 10 require the filing of Suspicious Activity Reports (SARs) regarding suspicious activities
that are conducted or attempted by, at, or through an institution and that involve in
aggregate at least $5,000 in funds or other assets, including currency and all other forms
of payment. In addition, the rule encourages institutions to file SARs on a voluntary
basis regarding transactions that appear relevant to violations of law or regulation, even
in cases where the $5,000 threshold is not met. According to FinCEN, “suspicious
activity” is any conducted or attempted transaction or pattern of transactions that you
know, suspect, or have reason to suspect meets any of the following conditions:

Involves money from criminal activity;


Is designed to evade BSA requirements, whether through structuring or other means;
Appears to serve no business or other legal purpose and for which available
facts provide no reasonable explanation; or

Involves use of the money services business to facilitate
criminal activity.
Examples of activities that could be considered suspicious and
red flags include:

Use of a false ID, or multiple IDs on different occasions;

Two or more customers use the same or similar IDs (photo or name may be
different);

A customer breaks a large transaction into two or more smaller transactions;

Customer changes a transaction after learning that he or she must show ID;

Customer conducts transactions so that they fall just below amounts that require
reporting or recordkeeping;

Two or more customers seem to be working together to break one transaction into
two or more transactions; and

Customer uses two or more locations or cashiers on the same day to break one
transaction into smaller transactions.
If customer does something obviously criminal – such as offering a bribe or even
admitting to a crime – the law requires an SAR filing if it involves or aggregates
funds or other assets of $2,000 or more.
As summarized by FinCEN8, the law protects you from SAR report civil liability;
you are not being asked to accuse customers of criminal activity. You are only
required to file a SAR if you believe the activity is suspicious and involves $2,000
or more. It is illegal to tell any person involved in the transaction that a SAR has
been filed.
For guidance see:
http://www.fincen.gov/financial_institutions/msb/materials/en/report_reference.html.
The rule permits institutions to delegate contractually the SAR reporting obligations to
Page 6 of 10 separate entities. However, as is the case with other delegated AML responsibilities,
the institution remains ultimately responsible for assuring compliance with the rule,
and therefore must actively monitor the performance of its delegates.
H. REPORTING OF FOREIGN BANK AND FINANCIAL ACCOUNT
(FBAR). This report must be filed by each US Person who has a financial interest,
signature power or other authority over a financial account in a foreign country and
having a value exceeding $10,000 (alone or aggregated with others) at any time during
a calendar year. It must be filed by June 30 of the following year. “US Person” includes
a US person, a resident alien and generally any entity formed in the US, its states,
territories, possessions, enclaves or Indian Tribe territories. “Financial interest”
generally includes acting as an agent and having direct or indirect control of 50% or
more value or voting interest. Physical location of the account outside geographic
boundaries described above is a key concept, so even an interest by a US Person in an
account of a US Bank maintained in a foreign country would be reportable.
I. Note: The filing of this report does not address the requirements of the
Foreign Account Tax Compliance Act (FATCA), enacted in 2010 to combat tax
evasion by US taxpayers by requiring them to report certain foreign financial accounts
and offshore assets to the IRS and by requiring foreign financial institutions (FFIs) to
identify accounts owned by US persons to the IRS.
J. AML TRAINING FOR APPROPRIATE PERSONS. The AML Program
Rules require that “appropriate persons” must be trained “in BSA requirements relevant
to their functions and in possible signs of money laundering that could arise in the
course of their duties.” IIUSA members should incorporate such training into their
overall AML program, including training on aspects of source of funds verification in
the EB-5 context as applicable.
I. TESTING TO ENSURE COMPLIANCE. The AML Program Rules
require that each institution AML program be periodically tested “to assure that the
program is functioning as designed.” IIUSA members should incorporate an
appropriate periodic testing regime into their overall AML program.
J. RECORDS REQUIRED TO BE MAINTAINED (RR). The records
retention requirements include any of the reports described above and additional
extensive requirements. The Rules generally require records retention of at least five
(5) years, and in the case of retention of CI Program records, for at least five (5)
years after the date that the customer’s account is closed. Best practice is for IIUSA
members to comply with this rule regardless of whether they are subject to the BSA.
K. SUMMARY TABLE. The Category Rules follow the same format as
the General Rule and indicate how their requirements vary.
Page 7 of 10 C
C
C
C
C
2022
1023
C
C
1021
Most gaming facilities with gross annual gaming
revenue exceeding $1,000,000, including those on
Tribal Lands.
C
1020
Casinos and Card Clubs
Begins at
31 CFR §:
C
RR
Banks, savings associations and credit unions and
certain non-Federally regulated banks.
G = Follows General Rule, C = Follows Category
Rule
SARs
Depository Institutions
(General Rules begin at 31 CFR §1010)
CI Program
GENERALLY INCLUDE:
AML Program
PROGRAM RULES
Money Services Businesses
(MSBs)
Dealers in foreign exchange, check cashers, Issuers
or sellers of traveler's checks or money orders,
Providers of prepaid access, Money transmitters, The
US Postal Service and Sellers of prepaid access.
C
Brokers or Dealers In
Securities
A broker or dealer in securities, registered or required
to be registered with the Securities and Exchange
Commission (SEC) under the Securities Exchange
Act of 19349 (Exchange Act)
C
C
C
C
Mutual Funds
Any “investment company” (as the term is defined in
section 3 of the Investment Company Act of 194010
(ICA)) that is an “open-end company” (as that term
is defined in section 5 of the ICA) that is registered or
is required to register with the SEC under section 8 of
the ICA.
C
C
C
G
C
G
Page 8 of 10 C
1025
Any person engaged within the United States as a
business in the issuing or underwriting of any
covered product: (1) A permanent life insurance
policy, other than a group life insurance policy;
(2) An annuity contract, other than a group annuity
contract; or
(3) Any other insurance product with features of cash
value or investment.
1024
Insurance Companies
Operators Of Credit Card
Systems
Loan or Finance
Companies
C
G
C
G
C
C
C
G
G
C
G
C
C
G
103112
Investment Advisors (Rule
Proposed 8/25/15)
G
1030
Housing Government
Sponsored Enterprises
C
1029
Any person engaged within the US as a business in
the purchase and sale of covered goods and who,
during the prior calendar or tax year: Purchased more
than $50,000 in, and Received more than $50,000 in
gross proceeds from the sale of, in each case, covered
goods:
(1) Jewels; (2) Precious metals; (3) Precious stones;
and
(4) Finished goods (including numismatic items, and
antiques), that derive 50 percent or more of their
value from jewels, precious metals, or precious
stones contained in or attached to such finished
goods.
Any person doing business in the United States that
operates a system for clearing and settling
transactions in which the operator's credit card,
whether acting as a credit or debit card, is used to
purchase goods or services or to obtain a cash
advance.
A loan or finance company: (i) including a residential
mortgage lender or originator; but excluding:
(1) A bank (except bank credit card systems);
(2) A securities broker or dealer;
(3) An MSB; and
(4) A telegraph company.
(i) The Federal National Mortgage Association;
(ii) The Federal Home Loan Mortgage Corporation;
and
(iii) Each Federal Home Loan Bank.
Investment advisors and managers that are registered
or required to register with the US Securities and
Exchange Commission (SEC), generally those
advisers with over $100 million in regulatory assets
under management. The comment period ends 60
days after 9/1/15.
C
1028
Dealers in Precious Metals,
Precious Stones, or Jewels
C
1027
Any person registered or required to be registered as
a futures commission merchant with the Commodity
Futures Trading Commission (CFTC) under the
Commodities Exchange Act of 193611 (CEA).
1026
Futures Commission
Merchants And Introducing
Brokers In Commodities
Remember:

CTR Obligations apply to all trades and businesses;

FBAR obligations apply to all US Persons;

Temporarily exempted financial institution categories may have rules imposed in the future; and

The Treasury Secretary may act to add additional categories of “financial institutions” and
related rules in the future.
Page 9 of 10 CONCLUSION
In light of the general reporting obligations described above and the broad definition of
“financial institutions” in the BSA and the fact that IIUSA members may play multiple roles
in EB-5 offerings and transactions, including, but not limited to, acting as a lender, brokerdealer, or investment adviser, members should determine whether they are “financial
institutions” under the BSA and the Rules with the assistance of qualified and experienced
counsel. Because the AML Program Rules apply to all BSA “financial institutions,” IIUSA
members that are covered by the BSA and Rules must adopt a robust AML Plan as required by
law. Further, the best practice for IIUSA regional center members that may not technically
qualify as “financial institutions” under the BSA is to nonetheless comply with the spirit of
the AML Program Rules and CI Program provisions by adopting written AML and CI
policies and procedures that are tailored to fit each member’s business model in consultation
with an attorney experienced in this area. Such policies and procedures should be reviewed
and updated regularly.
Finally, this document is meant to provide general guidance to IIUSA members regarding
AML and CI best practices. It (i) is not a complete description of all applicable rules and
reporting obligations; (ii) does not address state and foreign AML laws that may apply;
and (iii) does not itself constitute an AML or CI policy.
1
On May 26, 2011, President Obama signed the PATRIOT Sunsets Extension Act of 2011, a four-year
extension of key provisions in the USA PATRIOT Act. Following a lack of Congressional approval, parts of
the Patriot Act expired on June 1, 2015. With the passage of the USA Freedom Act on June 2, 2015, the expired
parts were restored and renewed through 2019. However, Section 215 of the law was amended to stop the NSA
from continuing its mass phone data collection program.
2
All 27 categories of financial institutions for these purposes may be viewed at:
https://www.ffiec.gov/bsa_aml_infobase/pages_manual/OLM_104.htm.
3
31 U. S. Code § 5318(h)(1).
4
31 U. S. Code § 5318(l).
5
Temporarily exempted categories were Pawnbroker; Travel agency; Telegraph company; Seller of vehicles,
including automobiles, airplanes, and boats; Person involved in real estate closings and settlements; Private
banker; Commodity pool operator; Commodity trading advisor; or Investment company. 31 CFR §1010.205(b).
6
31 CFR Chapter X (§1000 – §1099).
7 Financial Crimes Enforcement Network: Anti‐Money Laundering Program and Suspicious Activity Report Filing Requirements for Registered Investment Advisers, 31 CFR Chapter X (proposed Aug. 25, 2015) (“Proposed Rule”), http://www.gpo.gov/fdsys/pkg/FR‐ 2015‐09‐01/pdf/2015‐21318.pdf. 8
Guidance may be viewed at http://www.fincen.gov/financial_institutions/msb/materials/en/report_reference.html
and
http://www.fincen.gov/whatsnew/pdf/TheNewFinCENSAR-RecordedPresentation.pdf. The rule permits
institutions to delegate contractually the SAR reporting obligations to separate entities. However, as is the case
with other delegated Program responsibilities, the institution remains ultimately responsible for assuring
compliance with the rule, and therefore must actively monitor the performance of its delegates.
9
15 U.S.C. §78a et seq.
10
15 U.S.C. §80a et seq.
11
7 U.S.C. §1 et seq.
12
Financial Crimes Enforcement Network: Anti-Money Laundering Program and Suspicious Activity Report
Filing Requirements for Registered Investment Advisers, 31 CFR Chapter X (proposed Aug. 25, 2015)
(“Proposed Rule”), http://www.gpo.gov/fdsys/pkg/FR- 2015-09-01/pdf/2015-21318.pdf. Page 10 of 10